

Oedipus gets plugins for TRACE and PUT/DELETE testing

I just committed some changes to the Oedipus CVS that perform basic testing at the directory level for the presence of the TRACE method (see here for why this is bad), and also for the presence of the PUT and DELETE methods. PUT and DELETE are associated with incorrect permissions and/or configuration of a web server, are thankfully not that common, and are certainly showstoppers when they are present. For example, don't configure your IIS web server with both WebDAV support and write permissions if you don't want people uploading pages via PUT and deleting pages using DELETE.

Make sure you are running Ruby 1.8.4 or later, otherwise not all of the HTTP methods are supported, and none of the WebDAV stuff I'm working on at the moment will work either...
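A directory-level check of this kind, as an added example that is not Oedipus code: it reads the `Allow`/`Public` headers of an OPTIONS response and confirms TRACE by looking for an echoed marker header. It assumes a current Ruby; the function names, the `X-Audit-Marker` header and the sample headers are constructed for illustration.

```ruby
require 'net/http'
require 'securerandom'

RISKY_METHODS = %w[TRACE PUT DELETE].freeze

# Risky methods a server advertises in the Allow/Public headers of an
# OPTIONS response. `headers` maps header name => String or Array.
def risky_advertised(headers)
  advertised = headers.select { |name, _| %w[allow public].include?(name.to_s.downcase) }
                      .values.flatten
                      .flat_map { |v| v.split(',') }
                      .map { |m| m.strip.upcase }
  RISKY_METHODS & advertised
end

# TRACE is really on only if the server echoes the request back:
# status 200, Content-Type message/http, and our marker in the body.
def trace_echoed?(status, content_type, body, marker)
  status.to_i == 200 &&
    content_type.to_s.downcase.start_with?('message/http') &&
    body.to_s.include?(marker)
end

# Live check of one directory on a server you administer. Sends only
# OPTIONS and TRACE, never PUT or DELETE, so nothing is modified.
def audit_directory(host, port, path)
  marker = SecureRandom.hex(8)
  Net::HTTP.start(host, port) do |http|
    options = http.send_request('OPTIONS', path)
    trace = http.send_request('TRACE', path, nil, { 'X-Audit-Marker' => marker })
    { advertised: risky_advertised(options.to_hash),
      trace_echoed: trace_echoed?(trace.code, trace['Content-Type'], trace.body, marker) }
  end
end

# Constructed sample: OPTIONS headers of a hypothetical WebDAV-enabled directory.
SAMPLE_HEADERS = {
  'Allow'  => 'OPTIONS, TRACE, GET, HEAD',
  'Public' => 'OPTIONS, TRACE, GET, HEAD, PUT, DELETE, PROPFIND'
}.freeze

p risky_advertised(SAMPLE_HEADERS) if __FILE__ == $PROGRAM_NAME
```

An advertised PUT or DELETE only means the method is offered; whether a write succeeds still depends on the directory's permissions, so treat a hit as a prompt to review the WebDAV and write settings.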




About

This page contains a single entry from the blog posted on March 4, 2006 10:13 AM.


Creative Commons License
This weblog is licensed under a Creative Commons License.